160 extern int TsolInitWindow(ClientPtr, WindowPtr); |
160 extern int TsolInitWindow(ClientPtr, WindowPtr); |
161 static void TsolSetClientInfo(ClientPtr client); |
161 static void TsolSetClientInfo(ClientPtr client); |
162 |
162 |
163 /* XACE hook callbacks */ |
163 /* XACE hook callbacks */ |
164 static CALLBACK(TsolCheckExtensionAccess); |
164 static CALLBACK(TsolCheckExtensionAccess); |
165 static CALLBACK(TsolCheckPropertyAccess); |
165 static CALLBACK(TsolAceCheckPropertyAccess); |
166 static CALLBACK(TsolCheckResourceIDAccess); |
166 static CALLBACK(TsolCheckResourceIDAccess); |
167 static CALLBACK(TsolProcessKeyboard); |
167 static CALLBACK(TsolProcessKeyboard); |
168 extern CALLBACK(TsolAuditStart); |
168 extern CALLBACK(TsolAuditStart); |
169 extern CALLBACK(TsolAuditEnd); |
169 extern CALLBACK(TsolAuditEnd); |
170 |
170 |
277 tsolSecHook.DeleteWindowFromAnySelections = TsolDeleteWindowFromAnySelections; |
277 tsolSecHook.DeleteWindowFromAnySelections = TsolDeleteWindowFromAnySelections; |
278 pSecHook = &tsolSecHook; |
278 pSecHook = &tsolSecHook; |
279 |
279 |
280 XaceRegisterCallback(XACE_RESOURCE_ACCESS, TsolCheckResourceIDAccess, |
280 XaceRegisterCallback(XACE_RESOURCE_ACCESS, TsolCheckResourceIDAccess, |
281 NULL); |
281 NULL); |
282 XaceRegisterCallback(XACE_PROPERTY_ACCESS, TsolCheckPropertyAccess, |
282 XaceRegisterCallback(XACE_PROPERTY_ACCESS, TsolAceCheckPropertyAccess, |
283 NULL); |
283 NULL); |
284 XaceRegisterCallback(XACE_EXT_ACCESS, TsolCheckExtensionAccess, NULL); |
284 XaceRegisterCallback(XACE_EXT_ACCESS, TsolCheckExtensionAccess, NULL); |
285 XaceRegisterCallback(XACE_KEY_AVAIL, TsolProcessKeyboard, NULL); |
285 XaceRegisterCallback(XACE_KEY_AVAIL, TsolProcessKeyboard, NULL); |
286 XaceRegisterCallback(XACE_AUDIT_BEGIN, TsolAuditStart, NULL); |
286 XaceRegisterCallback(XACE_AUDIT_BEGIN, TsolAuditStart, NULL); |
287 XaceRegisterCallback(XACE_AUDIT_END, TsolAuditEnd, NULL); |
287 XaceRegisterCallback(XACE_AUDIT_END, TsolAuditEnd, NULL); |
501 static void |
501 static void |
502 TsolReset(ExtensionEntry *extension) |
502 TsolReset(ExtensionEntry *extension) |
503 { |
503 { |
504 free_win_privsets(); |
504 free_win_privsets(); |
505 XaceDeleteCallback(XACE_RESOURCE_ACCESS, TsolCheckResourceIDAccess, NULL); |
505 XaceDeleteCallback(XACE_RESOURCE_ACCESS, TsolCheckResourceIDAccess, NULL); |
506 XaceDeleteCallback(XACE_PROPERTY_ACCESS, TsolCheckPropertyAccess, NULL); |
506 XaceDeleteCallback(XACE_PROPERTY_ACCESS, TsolAceCheckPropertyAccess, NULL); |
507 XaceDeleteCallback(XACE_EXT_ACCESS, TsolCheckExtensionAccess, NULL); |
507 XaceDeleteCallback(XACE_EXT_ACCESS, TsolCheckExtensionAccess, NULL); |
508 XaceDeleteCallback(XACE_KEY_AVAIL, TsolProcessKeyboard, NULL); |
508 XaceDeleteCallback(XACE_KEY_AVAIL, TsolProcessKeyboard, NULL); |
509 XaceDeleteCallback(XACE_AUDIT_BEGIN, TsolAuditStart, NULL); |
509 XaceDeleteCallback(XACE_AUDIT_BEGIN, TsolAuditStart, NULL); |
510 XaceDeleteCallback(XACE_AUDIT_END, TsolAuditEnd, NULL); |
510 XaceDeleteCallback(XACE_AUDIT_END, TsolAuditEnd, NULL); |
511 } |
511 } |
2084 (keyc->state != 0 && keyc->state == hotkey.altshift))) |
2084 (keyc->state != 0 && keyc->state == hotkey.altshift))) |
2085 HandleHotKey(); |
2085 HandleHotKey(); |
2086 } |
2086 } |
2087 } |
2087 } |
2088 |
2088 |
|
2089 _X_HIDDEN int |
|
2090 TsolCheckPropertyAccess(ClientPtr client, WindowPtr pWin, PropertyPtr pProp, |
|
2091 Atom propertyName, Mask access_mode) |
|
2092 { |
|
2093 if (pProp == NULL) { |
|
2094 return XTSOL_ALLOW; |
|
2095 } |
|
2096 |
|
2097 if (access_mode & DixCreateAccess) { |
|
2098 if (!PolyProperty(propertyName, pWin) && |
|
2099 xtsol_policy(TSOL_RES_PROPERTY, TSOL_CREATE, |
|
2100 pProp, client, TSOL_ALL, (void *)MAJOROP)) |
|
2101 return XTSOL_IGNORE; |
|
2102 else |
|
2103 return XTSOL_ALLOW; |
|
2104 } |
|
2105 |
|
2106 if (access_mode & DixReadAccess) { |
|
2107 if (!PolyProperty(propertyName, pWin) && |
|
2108 xtsol_policy(TSOL_RES_PROPERTY, TSOL_READ, |
|
2109 pProp, client, TSOL_ALL, (void *)MAJOROP)) |
|
2110 return XTSOL_IGNORE; |
|
2111 else |
|
2112 return XTSOL_ALLOW; |
|
2113 } |
|
2114 |
|
2115 if (access_mode & DixWriteAccess) { |
|
2116 if (!PolyProperty(propertyName, pWin) && |
|
2117 xtsol_policy(TSOL_RES_PROPERTY, TSOL_MODIFY, |
|
2118 pProp, client, TSOL_ALL, (void *)MAJOROP)) |
|
2119 return XTSOL_IGNORE; |
|
2120 else |
|
2121 return XTSOL_ALLOW; |
|
2122 } |
|
2123 |
|
2124 if (access_mode & DixDestroyAccess) { |
|
2125 if (!PolyProperty(propertyName, pWin) && |
|
2126 xtsol_policy(TSOL_RES_PROPERTY, TSOL_DESTROY, |
|
2127 pProp, client, TSOL_ALL, (void *)MAJOROP)) |
|
2128 return XTSOL_IGNORE; |
|
2129 else |
|
2130 return XTSOL_ALLOW; |
|
2131 } |
|
2132 } |
|
2133 |
2089 static CALLBACK( |
2134 static CALLBACK( |
2090 TsolCheckPropertyAccess) |
2135 TsolAceCheckPropertyAccess) |
2091 { |
2136 { |
2092 XacePropertyAccessRec *rec = (XacePropertyAccessRec *) calldata; |
2137 XacePropertyAccessRec *rec = (XacePropertyAccessRec *) calldata; |
2093 ClientPtr client = rec->client; |
2138 ClientPtr client = rec->client; |
2094 WindowPtr pWin = rec->pWin; |
2139 WindowPtr pWin = rec->pWin; |
2095 PropertyPtr pProp = *rec->ppProp; |
2140 PropertyPtr pProp = *rec->ppProp; |
2096 Atom propertyName = pProp->propertyName; |
2141 Atom propertyName = pProp->propertyName; |
2097 Mask access_mode = rec->access_mode; |
2142 Mask access_mode = rec->access_mode; |
2098 |
2143 |
2099 if (pProp == NULL) { |
2144 if (TsolCheckPropertyAccess(client, pWin, pProp, |
2100 return; |
2145 propertyName, access_mode) != XTSOL_ALLOW) { |
2101 } |
2146 rec->status = BadAccess; |
2102 |
|
2103 if (access_mode & DixReadAccess) { |
|
2104 if (!PolyProperty(propertyName, pWin) && |
|
2105 xtsol_policy(TSOL_RES_PROPERTY, TSOL_READ, |
|
2106 pProp, client, TSOL_ALL, (void *)MAJOROP)) |
|
2107 rec->status = BadAccess; |
|
2108 /* this used to be: |
|
2109 return SecurityIgnoreOperation; |
|
2110 else |
|
2111 return SecurityAllowOperation; |
|
2112 */ |
|
2113 } |
|
2114 |
|
2115 if (access_mode & DixWriteAccess) { |
|
2116 if (!PolyProperty(propertyName, pWin) && |
|
2117 xtsol_policy(TSOL_RES_PROPERTY, TSOL_MODIFY, |
|
2118 pProp, client, TSOL_ALL, (void *)MAJOROP)) |
|
2119 rec->status = BadAccess; |
|
2120 /* this used to be: |
|
2121 return SecurityIgnoreOperation; |
|
2122 else |
|
2123 return SecurityAllowOperation; |
|
2124 */ |
|
2125 } |
|
2126 |
|
2127 if (access_mode & DixDestroyAccess) { |
|
2128 if (!PolyProperty(propertyName, pWin) && |
|
2129 xtsol_policy(TSOL_RES_PROPERTY, TSOL_DESTROY, |
|
2130 pProp, client, TSOL_ALL, (void *)MAJOROP)) |
|
2131 rec->status = BadAccess; |
|
2132 /* this used to be: |
|
2133 return SecurityIgnoreOperation; |
|
2134 else |
|
2135 return SecurityAllowOperation; |
|
2136 */ |
|
2137 } |
2147 } |
2138 } |
2148 } |
2139 |
2149 |
2140 static CALLBACK( |
2150 static CALLBACK( |
2141 TsolCheckExtensionAccess) |
2151 TsolCheckExtensionAccess) |
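Review bot: The new `TsolCheckPropertyAccess` (new-side lines 2089–2132) is declared `int` but reaches its closing brace without a return when `access_mode` carries none of the Create/Read/Write/Destroy bits, so `TsolAceCheckPropertyAccess` compares an indeterminate value with `XTSOL_ALLOW` at 2144–2145. An explicit final `return XTSOL_ALLOW;` would keep the removed callback's behaviour of leaving `rec->status` untouched in that case. Each branch also returns on the first matching bit, so if XACE can pass a combined mask such as `DixReadAccess | DixWriteAccess`, only the `TSOL_READ` policy is consulted, whereas the removed code evaluated read, write and destroy independently. Dropping the `else return XTSOL_ALLOW;` arms and returning `XTSOL_IGNORE` only on a denial would restore that. Separately, `pProp->propertyName` is read at 2141 before the `pProp == NULL` test at 2093 can run, so the guard does not protect the callback path; the old side had the same ordering.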