1 /* Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved. |
1 /* |
|
2 * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. |
2 * |
3 * |
3 * Permission is hereby granted, free of charge, to any person obtaining a |
4 * Permission is hereby granted, free of charge, to any person obtaining a |
4 * copy of this software and associated documentation files (the "Software"), |
5 * copy of this software and associated documentation files (the "Software"), |
5 * to deal in the Software without restriction, including without limitation |
6 * to deal in the Software without restriction, including without limitation |
6 * the rights to use, copy, modify, merge, publish, distribute, sublicense, |
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, |
115 |
113 |
116 static int OwnerUIDint; |
114 static int OwnerUIDint; |
117 static Selection *tsol_sel_agnt = NULL; /* entry in CurrentSelection to get seln */ |
115 static Selection *tsol_sel_agnt = NULL; /* entry in CurrentSelection to get seln */ |
118 static Atom tsol_atom_sel_agnt = 0; /* selection agent atom created during init */ |
116 static Atom tsol_atom_sel_agnt = 0; /* selection agent atom created during init */ |
119 |
117 |
|
118 /* |
|
119 * Key to lookup devPrivate data in various structures |
|
120 */ |
|
121 DevPrivateKeyRec tsolClientPrivateKeyRec; |
|
122 DevPrivateKeyRec tsolPixmapPrivateKeyRec; |
|
123 DevPrivateKeyRec tsolWindowPrivateKeyRec; |
|
124 DevPrivateKeyRec tsolPropertyPrivateKeyRec; |
|
125 DevPrivateKeyRec tsolSelectionPrivateKeyRec; |
|
126 DevPrivateKeyRec tsolDevicePrivateKeyRec; |
|
127 |
|
128 |
120 int (*TsolSavedProcVector[PROCVECTORSIZE])(ClientPtr client); |
129 int (*TsolSavedProcVector[PROCVECTORSIZE])(ClientPtr client); |
121 int (*TsolSavedSwappedProcVector[PROCVECTORSIZE])(ClientPtr client); |
130 int (*TsolSavedSwappedProcVector[PROCVECTORSIZE])(ClientPtr client); |
122 |
131 |
123 static SecurityHook tsolSecHook; |
132 static SecurityHook tsolSecHook; |
124 |
133 |
142 |
151 |
143 /* other callbacks */ |
152 /* other callbacks */ |
144 static CALLBACK(TsolClientStateCallback); |
153 static CALLBACK(TsolClientStateCallback); |
145 static CALLBACK(TsolSelectionCallback); |
154 static CALLBACK(TsolSelectionCallback); |
146 |
155 |
147 extern int tsol_check_policy(TsolInfoPtr tsolinfo, TsolResPtr tsolres, |
156 extern int tsol_check_policy(TsolInfoPtr tsolinfo, TsolResPtr tsolres, |
148 xpolicy_t flags, int reqcode); |
157 xpolicy_t flags, int reqcode); |
149 extern void TsolCheckDrawableAccess(CallbackListPtr *pcbl, pointer nulldata, |
158 extern void TsolCheckDrawableAccess(CallbackListPtr *pcbl, pointer nulldata, |
150 pointer calldata); |
159 pointer calldata); |
151 extern void TsolCheckXIDAccess(CallbackListPtr *pcbl, pointer nulldata, |
160 extern void TsolCheckXIDAccess(CallbackListPtr *pcbl, pointer nulldata, |
152 pointer calldata); |
161 pointer calldata); |
153 extern Bool client_has_privilege(TsolInfoPtr tsolinfo, priv_set_t *priv); |
162 extern Bool client_has_privilege(TsolInfoPtr tsolinfo, priv_set_t *priv); |
154 |
163 |
155 extern priv_set_t *pset_win_mac_write; |
164 extern priv_set_t *pset_win_mac_write; |
156 extern priv_set_t *pset_win_dac_write; |
165 extern priv_set_t *pset_win_dac_write; |
169 ExtensionEntry *extEntry; |
178 ExtensionEntry *extEntry; |
170 int i; |
179 int i; |
171 |
180 |
172 /* sleep(20); */ |
181 /* sleep(20); */ |
173 |
182 |
174 /* MAC/Label support is available only if labeld svc is enabled */ |
183 /* MAC/Label support is available only if labeld svc is enabled */ |
175 if (is_system_labeled()) { |
184 if (is_system_labeled()) { |
176 tsol_mac_enabled = TRUE; |
185 tsol_mac_enabled = TRUE; |
177 } else { |
186 } else { |
178 /* DAC support can be added in future */ |
187 /* DAC support can be added in future */ |
179 tsol_mac_enabled = FALSE; |
188 tsol_mac_enabled = FALSE; |
203 |
212 |
204 if (!AddCallback(&SelectionCallback, TsolSelectionCallback, NULL)) |
213 if (!AddCallback(&SelectionCallback, TsolSelectionCallback, NULL)) |
205 return; |
214 return; |
206 |
215 |
207 /* Allocate storage in devPrivates */ |
216 /* Allocate storage in devPrivates */ |
208 if (!dixRequestPrivate(tsolPrivateKey, sizeof (TsolPrivateRec))) { |
217 if (!dixRegisterPrivateKey(tsolClientPrivateKey, PRIVATE_CLIENT, |
209 ErrorF("TsolExtensionInit: Cannot allocate devPrivate.\n"); |
218 sizeof (TsolInfoRec))) { |
|
219 ErrorF("TsolExtensionInit: Cannot allocate client private.\n"); |
|
220 return; |
|
221 } |
|
222 |
|
223 if (!dixRegisterPrivateKey(tsolPixmapPrivateKey, PRIVATE_PIXMAP, |
|
224 sizeof (TsolResRec))) { |
|
225 ErrorF("TsolExtensionInit: Cannot allocate pixmap private.\n"); |
|
226 return; |
|
227 } |
|
228 |
|
229 if (!dixRegisterPrivateKey(tsolWindowPrivateKey, PRIVATE_WINDOW, |
|
230 sizeof (TsolResRec))) { |
|
231 ErrorF("TsolExtensionInit: Cannot allocate window private.\n"); |
|
232 return; |
|
233 } |
|
234 |
|
235 if (!dixRegisterPrivateKey(tsolPropertyPrivateKey, PRIVATE_PROPERTY, |
|
236 sizeof (TsolResRec))) { |
|
237 ErrorF("TsolExtensionInit: Cannot allocate property private.\n"); |
|
238 return; |
|
239 } |
|
240 |
|
241 if (!dixRegisterPrivateKey(tsolSelectionPrivateKey, PRIVATE_SELECTION, |
|
242 sizeof (TsolResRec))) { |
|
243 ErrorF("TsolExtensionInit: Cannot allocate selection private.\n"); |
|
244 return; |
|
245 } |
|
246 |
|
247 if (!dixRegisterPrivateKey(tsolDevicePrivateKey, PRIVATE_DEVICE, |
|
248 sizeof (HotKeyRec))) { |
|
249 ErrorF("TsolExtensionInit: Cannot allocate device private.\n"); |
210 return; |
250 return; |
211 } |
251 } |
212 |
252 |
213 /* Initialize the client info for server itself */ |
253 /* Initialize the client info for server itself */ |
214 if (serverClient) { |
254 if (serverClient) { |
215 TsolInfoPtr tsolinfo = GetClientTsolInfo(serverClient); |
255 TsolInfoPtr tsolinfo = GetClientTsolInfo(serverClient); |
216 if (tsolinfo->sl == NULL) { |
256 if (tsolinfo->sl == NULL) { |
217 tsolinfo->sl = (bslabel_t *)lookupSL_low(); |
257 tsolinfo->sl = (bslabel_t *)lookupSL_low(); |
218 tsolinfo->uid = 0; |
258 tsolinfo->uid = 0; |
219 tsolinfo->pid = getpid(); |
259 tsolinfo->pid = getpid(); |
220 snprintf(tsolinfo->pname, MAXNAME, "client id %d (pid %d)", |
260 snprintf(tsolinfo->pname, MAXNAME, |
221 serverClient->index, tsolinfo->pid); |
261 "client id %d (pid %d)", |
|
262 serverClient->index, tsolinfo->pid); |
222 } |
263 } |
223 } |
264 } |
224 |
265 |
225 LoadTsolConfig(); |
266 LoadTsolConfig(); |
226 |
267 |
282 XaceResourceAccessRec *rec = calldata; |
323 XaceResourceAccessRec *rec = calldata; |
283 RESTYPE rtype = rec->rtype; |
324 RESTYPE rtype = rec->rtype; |
284 |
325 |
285 switch (rtype) { |
326 switch (rtype) { |
286 case RT_WINDOW: |
327 case RT_WINDOW: |
287 case RT_PIXMAP: |
328 case RT_PIXMAP: |
288 /* Drawables policy */ |
329 /* Drawables policy */ |
289 TsolCheckDrawableAccess(pcbl, nulldata, calldata); |
330 TsolCheckDrawableAccess(pcbl, nulldata, calldata); |
290 break; |
331 break; |
291 |
332 |
292 case RT_GC: |
333 case RT_GC: |
293 case RT_CURSOR: |
334 case RT_CURSOR: |
294 case RT_FONT: |
335 case RT_FONT: |
295 TsolCheckXIDAccess(pcbl, nulldata, calldata); |
336 TsolCheckXIDAccess(pcbl, nulldata, calldata); |
296 break; |
337 break; |
297 default: |
338 default: |
298 /* |
339 /* |
299 * Handle other resource types. |
340 * Handle other resource types. |
300 * In RANDR extension, usual window policy is |
341 * In RANDR extension, usual window policy is |
301 * enforced before checking for RREventType. |
342 * enforced before checking for RREventType. |
302 */ |
343 */ |
303 if (rtype == RREventType) { |
344 if (rtype == RREventType) { |
304 rec->status = Success; |
345 rec->status = Success; |
305 } |
346 } |
310 static |
351 static |
311 CALLBACK(TsolSelectionCallback) |
352 CALLBACK(TsolSelectionCallback) |
312 { |
353 { |
313 SelectionInfoRec *pselinfo = (SelectionInfoRec *)calldata; |
354 SelectionInfoRec *pselinfo = (SelectionInfoRec *)calldata; |
314 Selection *pSel = pselinfo->selection; |
355 Selection *pSel = pselinfo->selection; |
315 TsolResPtr tsolseln = TsolResourcePrivate(pSel); |
356 TsolResPtr tsolseln = TsolSelectionPrivate(pSel); |
316 |
357 |
317 switch (pselinfo->kind) { |
358 switch (pselinfo->kind) { |
318 case SelectionClientClose: |
359 case SelectionClientClose: |
319 if (tsol_sel_agnt && pSel->selection == tsol_sel_agnt->selection) { |
360 if (tsol_sel_agnt && pSel->selection == tsol_sel_agnt->selection) { |
320 tsol_sel_agnt = NULL; /* selection manager died. */ |
361 tsol_sel_agnt = NULL; /* selection manager died. */ |
321 } |
362 } |
322 /* fall through to reset the SL */ |
363 /* fall through to reset the SL */ |
323 |
364 |
324 case SelectionWindowDestroy: |
365 case SelectionWindowDestroy: |
325 tsolseln->sl = NULL; |
366 tsolseln->sl = NULL; |
326 break; |
367 break; |
327 |
368 |
328 default: |
369 default: |
329 /* All others handled in SelectionAccess handler */ |
370 /* All others handled in SelectionAccess handler */ |
330 break; |
371 break; |
753 if (!client_has_privilege(tsolinfo, pset_win_mac_write)) { |
792 if (!client_has_privilege(tsolinfo, pset_win_mac_write)) { |
754 return (BadAccess); |
793 return (BadAccess); |
755 } |
794 } |
756 |
795 |
757 /* Initialize property created internally by server */ |
796 /* Initialize property created internally by server */ |
758 tsolprop = TsolResourcePrivate(pProp); |
797 tsolprop = TsolPropertyPrivate(pProp); |
759 |
798 |
760 sl = (bslabel_t *)(stuff + 1); |
799 sl = (bslabel_t *)(stuff + 1); |
761 |
800 |
762 if (!blequal(tsolprop->sl, sl)) { |
801 if (!blequal(tsolprop->sl, sl)) { |
763 tsolprop->sl = lookupSL(sl); |
802 tsolprop->sl = lookupSL(sl); |
816 if (!client_has_privilege(tsolinfo, pset_win_mac_write)) { |
854 if (!client_has_privilege(tsolinfo, pset_win_mac_write)) { |
817 return (BadAccess); |
855 return (BadAccess); |
818 } |
856 } |
819 |
857 |
820 /* Initialize property created internally by server */ |
858 /* Initialize property created internally by server */ |
821 tsolprop = TsolResourcePrivate(pProp); |
859 tsolprop = TsolPropertyPrivate(pProp); |
822 |
860 |
823 tsolprop->uid = stuff->uid; |
861 tsolprop->uid = stuff->uid; |
824 |
862 |
825 return (client->noClientException); |
863 return (client->noClientException); |
826 } |
864 } |
856 memcpy(&SessionLO, sl, SL_SIZE); |
893 memcpy(&SessionLO, sl, SL_SIZE); |
857 return (client->noClientException); |
894 return (client->noClientException); |
858 |
895 |
859 case IsWindow: |
896 case IsWindow: |
860 rc = dixLookupWindow(&pWin, stuff->id, client, DixWriteAccess); |
897 rc = dixLookupWindow(&pWin, stuff->id, client, DixWriteAccess); |
861 if (rc != Success) |
898 if (rc != Success) |
862 return rc; |
899 return rc; |
863 |
900 |
864 if (pWin) |
901 if (pWin) |
865 { |
902 { |
866 tsolres = TsolResourcePrivate(pWin); |
903 tsolres = TsolWindowPrivate(pWin); |
867 } |
904 } |
868 else |
905 else |
869 { |
906 { |
870 client->errorValue = stuff->id; |
907 client->errorValue = stuff->id; |
871 return (BadWindow); |
908 return (BadWindow); |
873 break; |
910 break; |
874 |
911 |
875 case IsPixmap: |
912 case IsPixmap: |
876 rc = dixLookupDrawable((DrawablePtr *)&pMap, stuff->id, client, |
913 rc = dixLookupDrawable((DrawablePtr *)&pMap, stuff->id, client, |
877 M_DRAWABLE_PIXMAP, DixWriteAccess); |
914 M_DRAWABLE_PIXMAP, DixWriteAccess); |
878 if (rc != Success) |
915 if (rc != Success) |
879 return rc; |
916 return rc; |
880 if (pMap) |
917 if (pMap) |
881 { |
918 { |
882 tsolres = TsolResourcePrivate(pMap); |
919 tsolres = TsolPixmapPrivate(pMap); |
883 } |
920 } |
884 else |
921 else |
885 { |
922 { |
886 client->errorValue = stuff->id; |
923 client->errorValue = stuff->id; |
887 return (BadPixmap); |
924 return (BadPixmap); |
956 AddUID(&OwnerUIDint); |
992 AddUID(&OwnerUIDint); |
957 return (client->noClientException); |
993 return (client->noClientException); |
958 |
994 |
959 case IsWindow: |
995 case IsWindow: |
960 rc = dixLookupWindow(&pWin, stuff->id, client, DixWriteAccess); |
996 rc = dixLookupWindow(&pWin, stuff->id, client, DixWriteAccess); |
961 if (rc != Success) |
997 if (rc != Success) |
962 return rc; |
998 return rc; |
963 |
999 |
964 if (pWin) |
1000 if (pWin) |
965 { |
1001 { |
966 tsolres = TsolResourcePrivate(pWin); |
1002 tsolres = TsolWindowPrivate(pWin); |
967 } |
1003 } |
968 else |
1004 else |
969 { |
1005 { |
970 client->errorValue = stuff->id; |
1006 client->errorValue = stuff->id; |
971 return (BadWindow); |
1007 return (BadWindow); |
1095 /* Transfer the client info to reply rec */ |
1129 /* Transfer the client info to reply rec */ |
1096 rep.type = X_Reply; |
1130 rep.type = X_Reply; |
1097 rep.sequenceNumber = client->sequence; |
1131 rep.sequenceNumber = client->sequence; |
1098 |
1132 |
1099 /* allocate temp storage for labels */ |
1133 /* allocate temp storage for labels */ |
1100 sl = (bslabel_t *)(xalloc(SL_SIZE)); |
1134 sl = malloc(SL_SIZE); |
1101 rep.data00 = rep.data01 = 0; |
1135 rep.data00 = rep.data01 = 0; |
1102 if (sl == NULL) |
1136 if (sl == NULL) |
1103 return (BadAlloc); |
1137 return (BadAlloc); |
1104 |
1138 |
1105 /* fill the fields as per request mask */ |
1139 /* fill the fields as per request mask */ |
1167 |
1201 |
1168 /* first see if property already exists */ |
1202 /* first see if property already exists */ |
1169 pProp = wUserProps (pWin); |
1203 pProp = wUserProps (pWin); |
1170 while (pProp) |
1204 while (pProp) |
1171 { |
1205 { |
1172 tsolprop = TsolResourcePrivate(pProp); |
1206 tsolprop = TsolPropertyPrivate(pProp); |
1173 |
1207 |
1174 if (pProp->propertyName == stuff->atom) { |
1208 if (pProp->propertyName == stuff->atom) { |
1175 |
1209 |
1176 if (tsolpolyinstinfo.enabled) { |
1210 if (tsolpolyinstinfo.enabled) { |
1177 if (tsolprop->uid == tsolpolyinstinfo.uid && |
1211 if (tsolprop->uid == tsolpolyinstinfo.uid && |
1188 } |
1222 } |
1189 |
1223 |
1190 if (!pProp) |
1224 if (!pProp) |
1191 { |
1225 { |
1192 /* property does not exist, use window's attributes */ |
1226 /* property does not exist, use window's attributes */ |
1193 tsolres = TsolResourcePrivate(pWin); |
1227 tsolres = TsolWindowPrivate(pWin); |
1194 tsolprop = NULL; |
1228 tsolprop = NULL; |
1195 } |
1229 } |
1196 |
1230 |
1197 if (stuff->mask & RES_UID) |
1231 if (stuff->mask & RES_UID) |
1198 { |
1232 { |
1199 rep.uid = tsolprop ? tsolprop->uid : tsolres->uid; |
1233 rep.uid = tsolprop ? tsolprop->uid : tsolres->uid; |
1200 } |
1234 } |
1201 |
1235 |
1202 /* allocate temp storage for labels */ |
1236 /* allocate temp storage for labels */ |
1203 sl = (bslabel_t *)(xalloc(SL_SIZE)); |
1237 sl = malloc(SL_SIZE); |
1204 rep.sllength = rep.illength = 0; |
1238 rep.sllength = rep.illength = 0; |
1205 if (sl == NULL) |
1239 if (sl == NULL) |
1206 return (BadAlloc); |
1240 return (BadAlloc); |
1207 |
1241 |
1208 /* fill the fields as per request mask */ |
1242 /* fill the fields as per request mask */ |
1272 { |
1306 { |
1273 rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess); |
1307 rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess); |
1274 if (rc != Success) |
1308 if (rc != Success) |
1275 return rc; |
1309 return rc; |
1276 |
1310 |
1277 tsolres = TsolResourcePrivate(pWin); |
1311 tsolres = TsolWindowPrivate(pWin); |
1278 } |
1312 } |
1279 |
1313 |
1280 if (stuff->resourceType == IsPixmap && |
1314 if (stuff->resourceType == IsPixmap && |
1281 (stuff->mask & (RES_UID | RES_SL ))) |
1315 (stuff->mask & (RES_UID | RES_SL ))) |
1282 { |
1316 { |
1283 rc = dixLookupDrawable((DrawablePtr *)&pMap, stuff->id, client, |
1317 rc = dixLookupDrawable((DrawablePtr *)&pMap, stuff->id, client, |
1284 M_DRAWABLE_PIXMAP, DixWriteAccess); |
1318 M_DRAWABLE_PIXMAP, DixWriteAccess); |
1285 if (rc != Success) |
1319 if (rc != Success) |
1286 return rc; |
1320 return rc; |
1287 |
1321 |
1288 tsolres = TsolResourcePrivate(pMap); |
1322 tsolres = TsolPixmapPrivate(pMap); |
1289 } |
1323 } |
1290 |
1324 |
1291 if (stuff->mask & RES_UID) |
1325 if (stuff->mask & RES_UID) |
1292 { |
1326 { |
1293 rep.uid = tsolres->uid; |
1327 rep.uid = tsolres->uid; |
1294 } |
1328 } |
1295 |
1329 |
1296 /* allocate temp storage for labels */ |
1330 /* allocate temp storage for labels */ |
1297 sl = (bslabel_t *)(xalloc(SL_SIZE)); |
1331 sl = malloc(SL_SIZE); |
1298 rep.sllength = rep.illength = rep.iillength = 0; |
1332 rep.sllength = rep.illength = rep.iillength = 0; |
1299 if (sl == NULL) |
1333 if (sl == NULL) |
1300 return (BadAlloc); |
1334 return (BadAlloc); |
1301 |
1335 |
1302 /* fill the fields as per request mask */ |
1336 /* fill the fields as per request mask */ |
1330 |
1364 |
1331 if (write_to_client == 1) |
1365 if (write_to_client == 1) |
1332 { |
1366 { |
1333 WriteToClient(client, reply_length, (char *)sl); |
1367 WriteToClient(client, reply_length, (char *)sl); |
1334 } |
1368 } |
1335 xfree(sl); |
1369 free(sl); |
1336 |
1370 |
1337 return (client->noClientException); |
1371 return (client->noClientException); |
1338 } |
1372 } |
1339 |
1373 |
1340 int |
1374 int |
1341 ProcMakeTPWindow(ClientPtr client) |
1375 ProcMakeTPWindow(ClientPtr client) |
1342 { |
1376 { |
1343 WindowPtr pWin = NULL, pParent; |
1377 WindowPtr pWin = NULL, pParent; |
1344 int rc; |
1378 int rc; |
1345 int err_code; |
|
1346 TsolInfoPtr tsolinfo; |
1379 TsolInfoPtr tsolinfo; |
1347 |
1380 |
1348 REQUEST(xMakeTPWindowReq); |
1381 REQUEST(xMakeTPWindowReq); |
1349 REQUEST_SIZE_MATCH(xMakeTPWindowReq); |
1382 REQUEST_SIZE_MATCH(xMakeTPWindowReq); |
1350 |
1383 |
1363 if (!noPanoramiXExtension) |
1396 if (!noPanoramiXExtension) |
1364 { |
1397 { |
1365 PanoramiXRes *panres = NULL; |
1398 PanoramiXRes *panres = NULL; |
1366 int j; |
1399 int j; |
1367 |
1400 |
1368 if ((panres = (PanoramiXRes *)LookupIDByType(stuff->id, XRT_WINDOW)) |
1401 rc = dixLookupResourceByType((pointer *) &panres, stuff->id, |
1369 == NULL) |
1402 XRT_WINDOW, client, DixWriteAccess); |
1370 return BadWindow; |
1403 if (rc != Success) |
|
1404 return rc; |
1371 |
1405 |
1372 FOR_NSCREENS_BACKWARD(j) |
1406 FOR_NSCREENS_BACKWARD(j) |
1373 { |
1407 { |
1374 rc = dixLookupWindow(&pWin, panres->info[j].id, |
1408 rc = dixLookupWindow(&pWin, panres->info[j].id, |
1375 client, DixWriteAccess); |
1409 client, DixWriteAccess); |
1376 if (rc != Success) |
1410 if (rc != Success) |
1377 return rc; |
1411 return rc; |
1378 |
1412 |
1379 /* window should not be root but child of root */ |
1413 /* window should not be root but child of root */ |
1506 GrabPtr kbdgrab = keybd->deviceGrab.grab; |
1538 GrabPtr kbdgrab = keybd->deviceGrab.grab; |
1507 DeviceIntPtr mouse = PickPointer(client); |
1539 DeviceIntPtr mouse = PickPointer(client); |
1508 GrabPtr ptrgrab = mouse->deviceGrab.grab; |
1540 GrabPtr ptrgrab = mouse->deviceGrab.grab; |
1509 |
1541 |
1510 if (kbdgrab) { |
1542 if (kbdgrab) { |
1511 grabclient = clients[CLIENT_ID(kbdgrab->resource)]; |
1543 grabclient = clients[CLIENT_ID(kbdgrab->resource)]; |
1512 if (client->index != grabclient->index) |
1544 if (client->index != grabclient->index) |
1513 (*keybd->deviceGrab.DeactivateGrab)(keybd); |
1545 (*keybd->deviceGrab.DeactivateGrab)(keybd); |
1514 } |
1546 } |
1515 |
1547 |
1516 if (ptrgrab) { |
1548 if (ptrgrab) { |
1517 grabclient = clients[CLIENT_ID(ptrgrab->resource)]; |
1549 grabclient = clients[CLIENT_ID(ptrgrab->resource)]; |
1518 if (client->index != grabclient->index) |
1550 if (client->index != grabclient->index) |
1519 (*mouse->deviceGrab.DeactivateGrab)(mouse); |
1551 (*mouse->deviceGrab.DeactivateGrab)(mouse); |
1520 } |
1552 } |
1521 } |
1553 } |
1522 |
1554 |
1692 struct svc_req r; |
1724 struct svc_req r; |
1693 bool_t res0, res1; |
1725 bool_t res0, res1; |
1694 XDR xdr; |
1726 XDR xdr; |
1695 SVCXPRT xprt; |
1727 SVCXPRT xprt; |
1696 |
1728 |
1697 temp_inmsg = (char *) xalloc(len); |
1729 temp_inmsg = malloc(len); |
1698 memmove(temp_inmsg, inmsg, len); |
1730 memmove(temp_inmsg, inmsg, len); |
1699 |
1731 |
1700 memset((char *)&msg, 0, sizeof(msg)); |
1732 memset((char *)&msg, 0, sizeof(msg)); |
1701 memset((char *)&r, 0, sizeof(r)); |
1733 memset((char *)&r, 0, sizeof(r)); |
1702 memset(cred_area, 0, sizeof(cred_area)); |
1734 memset(cred_area, 0, sizeof(cred_area)); |
1705 msg.rm_call.cb_cred.oa_base = cred_area; |
1737 msg.rm_call.cb_cred.oa_base = cred_area; |
1706 msg.rm_call.cb_verf.oa_base = verf_area; |
1738 msg.rm_call.cb_verf.oa_base = verf_area; |
1707 tsol_why = AUTH_FAILED; |
1739 tsol_why = AUTH_FAILED; |
1708 xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE); |
1740 xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE); |
1709 |
1741 |
1710 if ((r.rq_clntcred = (caddr_t) xalloc(MAX_AUTH_BYTES)) == NULL) |
1742 if ((r.rq_clntcred = malloc(MAX_AUTH_BYTES)) == NULL) |
1711 goto bad1; |
1743 goto bad1; |
1712 r.rq_xprt = &xprt; |
1744 r.rq_xprt = &xprt; |
1713 |
1745 |
1714 /* decode into msg */ |
1746 /* decode into msg */ |
1715 res0 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_cred)); |
1747 res0 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_cred)); |
1790 /* |
1822 /* |
1791 * For multilevel desktop, limit connections to the trusted path |
1823 * For multilevel desktop, limit connections to the trusted path |
1792 * i.e. global zone until a user logs in and the trusted stripe |
1824 * i.e. global zone until a user logs in and the trusted stripe |
1793 * is in place. Unlabeled connections are rejected. |
1825 * is in place. Unlabeled connections are rejected. |
1794 */ |
1826 */ |
1795 if ((OwnerUID == (uid_t )(-1)) || (tsolMultiLevel && tpwin == NULL)) { |
1827 if ((OwnerUID == (uid_t)(-1)) || (tsolMultiLevel && tpwin == NULL)) { |
1796 if (HasTrustedPath(tsolinfo)) { |
1828 if (HasTrustedPath(tsolinfo)) { |
1797 auth_token = CheckAuthorization(name_length, name, data_length, |
1829 auth_token = CheckAuthorization(name_length, name, data_length, |
1798 data, client, reason); |
1830 data, client, reason); |
1799 } |
1831 } |
1800 } else { |
1832 } else { |
1845 |
1877 |
1846 if (system_audit_on && |
1878 if (system_audit_on && |
1847 (au_preselect(AUE_ClientConnect, &(tsolinfo->amask), |
1879 (au_preselect(AUE_ClientConnect, &(tsolinfo->amask), |
1848 AU_PRS_BOTH, AU_PRS_USECACHE) == 1)) { |
1880 AU_PRS_BOTH, AU_PRS_USECACHE) == 1)) { |
1849 int status; |
1881 int status; |
1850 u_short connect_port = 0; |
1882 ushort_t connect_port = 0; |
1851 struct in_addr *connect_addr = NULL; |
1883 struct in_addr *connect_addr = NULL; |
1852 struct sockaddr_in *sin; |
1884 struct sockaddr_in *sin; |
1853 struct sockaddr_in6 *sin6; |
1885 struct sockaddr_in6 *sin6; |
1854 |
1886 |
1855 switch (tsolinfo->saddr.ss_family) { |
1887 switch (tsolinfo->saddr.ss_family) { |
1936 rec->status = Success; |
1968 rec->status = Success; |
1937 return; |
1969 return; |
1938 } |
1970 } |
1939 |
1971 |
1940 tsolinfo = GetClientTsolInfo(client); |
1972 tsolinfo = GetClientTsolInfo(client); |
1941 tsolres = TsolResourcePrivate(pWin); |
1973 tsolres = TsolWindowPrivate(pWin); |
1942 flags = (TSOL_MAC|TSOL_DAC|TSOL_DOMINATE|TSOL_READOP); |
1974 flags = (TSOL_MAC|TSOL_DAC|TSOL_DOMINATE|TSOL_READOP); |
1943 rec->status = tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE); |
1975 rec->status = tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE); |
1944 |
1976 |
1945 #ifndef NO_TSOL_DEBUG_MESSAGES |
1977 #ifndef NO_TSOL_DEBUG_MESSAGES |
1946 if (rec->status != Success) { |
1978 if (rec->status != Success) { |
2009 * The callback function is only called if at least one matching selection exists. |
2041 * The callback function is only called if at least one matching selection exists. |
2010 * If it has no tsol attributes then we know it is the only match so we don't need to |
2042 * If it has no tsol attributes then we know it is the only match so we don't need to |
2011 * check for polyinstantiation. Just initialize it and return. |
2043 * check for polyinstantiation. Just initialize it and return. |
2012 */ |
2044 */ |
2013 |
2045 |
2014 tsolseln = TsolResourcePrivate(pSel); |
2046 tsolseln = TsolSelectionPrivate(pSel); |
2015 |
2047 |
2016 if (tsolseln->sl == NULL) { |
2048 if (tsolseln->sl == NULL) { |
2017 tsolseln->sl = tsolinfo->sl; |
2049 tsolseln->sl = tsolinfo->sl; |
2018 tsolseln->uid = tsolinfo->uid; |
2050 tsolseln->uid = tsolinfo->uid; |
2019 break; |
2051 break; |
2023 |
2055 |
2024 /* for poly-selections, search from the beginning to see if sl,uid match */ |
2056 /* for poly-selections, search from the beginning to see if sl,uid match */ |
2025 for (pSel = CurrentSelections; pSel; pSel = pSel->next) { |
2057 for (pSel = CurrentSelections; pSel; pSel = pSel->next) { |
2026 |
2058 |
2027 if (pSel->selection == selAtom) { |
2059 if (pSel->selection == selAtom) { |
2028 tsolseln = TsolResourcePrivate(pSel); |
2060 tsolseln = TsolSelectionPrivate(pSel); |
2029 if (tsolseln->uid == tsolinfo->uid && |
2061 if (tsolseln->uid == tsolinfo->uid && |
2030 tsolseln->sl == tsolinfo->sl) |
2062 tsolseln->sl == tsolinfo->sl) |
2031 break; |
2063 break; |
2032 } |
2064 } |
2033 } |
2065 } |
2034 |
2066 |
2035 if (pSel) { |
2067 if (pSel) { |
2036 /* found a match */ |
2068 /* found a match */ |
2037 *rec->ppSel = pSel; |
2069 *rec->ppSel = pSel; |
2038 } else { |
2070 } else { |
2039 /* |
2071 /* |
2040 * Doesn't match yet; we'll get called again |
2072 * Doesn't match yet; we'll get called again |
2041 * After it gets created. |
2073 * After it gets created. |
2042 */ |
2074 */ |
2055 |
2087 |
2056 /* for poly-selections, search from the beginning to see if sl,uid match */ |
2088 /* for poly-selections, search from the beginning to see if sl,uid match */ |
2057 for (pSel = CurrentSelections; pSel; pSel = pSel->next) { |
2089 for (pSel = CurrentSelections; pSel; pSel = pSel->next) { |
2058 |
2090 |
2059 if (pSel->selection == selAtom) { |
2091 if (pSel->selection == selAtom) { |
2060 tsolseln = TsolResourcePrivate(pSel); |
2092 tsolseln = TsolSelectionPrivate(pSel); |
2061 if (tsolseln->uid == tsolinfo->uid && |
2093 if (tsolseln->uid == tsolinfo->uid && |
2062 tsolseln->sl == tsolinfo->sl) |
2094 tsolseln->sl == tsolinfo->sl) |
2063 break; |
2095 break; |
2064 } |
2096 } |
2065 } |
2097 } |
2066 |
2098 |
2067 if (pSel) { |
2099 if (pSel) { |
2068 *rec->ppSel = pSel; /* found match */ |
2100 *rec->ppSel = pSel; /* found match */ |
2069 } else { |
2101 } else { |
2070 /* |
2102 /* |
2077 } |
2109 } |
2078 |
2110 |
2079 /* |
2111 /* |
2080 * Selection Agent processing. Override the owner |
2112 * Selection Agent processing. Override the owner |
2081 */ |
2113 */ |
2082 tsolseln = TsolResourcePrivate(pSel); |
2114 tsolseln = TsolSelectionPrivate(pSel); |
2083 if (!HasWinSelection(tsolinfo) && |
2115 if (!HasWinSelection(tsolinfo) && |
2084 (tsolseln->uid != tsolinfo->uid || |
2116 (tsolseln->uid != tsolinfo->uid || |
2085 tsolseln->sl != tsolinfo->sl) && |
2117 tsolseln->sl != tsolinfo->sl) && |
2086 pSel->window != None && tsol_sel_agnt != NULL) { |
2118 pSel->window != None && tsol_sel_agnt != NULL) { |
2087 pSel = tsol_sel_agnt; |
2119 pSel = tsol_sel_agnt; |
2088 } else { |
2120 } else { |
2089 if (HasWinSelection(tsolinfo) && |
2121 if (HasWinSelection(tsolinfo) && |
2090 (tsolinfo->flags & TSOL_AUDITEVENT)) { |
2122 (tsolinfo->flags & TSOL_AUDITEVENT)) { |
2091 auditwrite(AW_USEOFPRIV, 1, PRIV_WIN_SELECTION, AW_APPEND, AW_END); |
2123 auditwrite(AW_USEOFPRIV, 1, PRIV_WIN_SELECTION, AW_APPEND, AW_END); |
2092 } |
2124 } |
2093 } |
2125 } |
2094 *rec->ppSel = pSel; |
2126 *rec->ppSel = pSel; |
2121 Mask access_mode = rec->access_mode; |
2153 Mask access_mode = rec->access_mode; |
2122 TsolInfoPtr tsolinfo = GetClientTsolInfo(client); |
2154 TsolInfoPtr tsolinfo = GetClientTsolInfo(client); |
2123 int reqtype; |
2155 int reqtype; |
2124 TsolResPtr tsolprop; |
2156 TsolResPtr tsolprop; |
2125 TsolResPtr tsolres; |
2157 TsolResPtr tsolres; |
2126 int tsol_method; |
|
2127 Status retcode; |
2158 Status retcode; |
2128 xpolicy_t flags = 0; |
2159 xpolicy_t flags = 0; |
2129 |
2160 |
2130 reqtype = MAJOROP_CODE; |
2161 reqtype = MAJOROP_CODE; |
2131 tsolres = TsolResourcePrivate(pWin); |
2162 tsolres = TsolWindowPrivate(pWin); |
2132 if (pProp != NULL) { |
2163 if (pProp != NULL) { |
2133 int polyprop = PolyProperty(propertyName, pWin); |
2164 int polyprop = PolyProperty(propertyName, pWin); |
2134 |
2165 |
2135 tsolprop = TsolResourcePrivate(pProp); |
2166 tsolprop = TsolPropertyPrivate(pProp); |
2136 |
2167 |
2137 if (!polyprop) { |
2168 if (!polyprop) { |
2138 |
2169 |
2139 tsolres = TsolResourcePrivate(pWin); |
2170 tsolres = TsolWindowPrivate(pWin); |
2140 if (tsolprop->sl == NULL) { |
2171 if (tsolprop->sl == NULL) { |
2141 /* Initialize with label/uid etc */ |
2172 /* Initialize with label/uid etc */ |
2142 if (WindowIsRoot(pWin)) { |
2173 if (WindowIsRoot(pWin)) { |
2143 tsolprop->sl = tsolinfo->sl; /* use client's sl/uid */ |
2174 tsolprop->sl = tsolinfo->sl; /* use client's sl/uid */ |
2144 tsolprop->uid = tsolinfo->uid; |
2175 tsolprop->uid = tsolinfo->uid; |
2156 if (access_mode & (DixWriteAccess | DixSetAttrAccess)) |
2187 if (access_mode & (DixWriteAccess | DixSetAttrAccess)) |
2157 flags = (TSOL_MAC|TSOL_DAC|TSOL_WRITEOP); |
2188 flags = (TSOL_MAC|TSOL_DAC|TSOL_WRITEOP); |
2158 |
2189 |
2159 retcode = tsol_check_policy(tsolinfo, tsolprop, flags, MAJOROP_CODE); |
2190 retcode = tsol_check_policy(tsolinfo, tsolprop, flags, MAJOROP_CODE); |
2160 if (retcode != Success && (access_mode & DixGetAttrAccess)) { |
2191 if (retcode != Success && (access_mode & DixGetAttrAccess)) { |
2161 /* If current property is not accessible, move on to |
2192 /* If current property is not accessible, move on to |
2162 * next one for ListProperty |
2193 * next one for ListProperty |
2163 */ |
2194 */ |
2164 retcode = Success; |
2195 retcode = Success; |
2165 *rec->ppProp = pProp->next; /* ignore failurefor List Prop */ |
2196 *rec->ppProp = pProp->next; /* ignore failurefor List Prop */ |
2166 } |
2197 } |
2177 tsolprop->uid = tsolinfo->uid; |
2208 tsolprop->uid = tsolinfo->uid; |
2178 rec->status = Success; |
2209 rec->status = Success; |
2179 } else { |
2210 } else { |
2180 /* search for a matching (sl, uid) pair */ |
2211 /* search for a matching (sl, uid) pair */ |
2181 while (pProp) { |
2212 while (pProp) { |
2182 tsolprop = TsolResourcePrivate(pProp); |
2213 tsolprop = TsolPropertyPrivate(pProp); |
2183 if (pProp->propertyName == propertyName && |
2214 if (pProp->propertyName == propertyName && |
2184 tsolprop->sl == tsolinfo->sl && |
2215 tsolprop->sl == tsolinfo->sl && |
2185 tsolprop->uid == tsolinfo->uid) |
2216 tsolprop->uid == tsolinfo->uid) |
2186 break; /* match found */ |
2217 break; /* match found */ |
2187 pProp = pProp->next; |
2218 pProp = pProp->next; |
2188 } |
2219 } |
2189 |
2220 |
2190 if (pProp) { |
2221 if (pProp) { |
2191 *rec->ppProp = pProp; /* found */ |
2222 *rec->ppProp = pProp; /* found */ |
2192 rec->status = Success; |
2223 rec->status = Success; |
2193 } else { |
2224 } else { |