From 299ff4c82998d2a32204bfbecde4993dfbd3d4a5 Mon Sep 17 00:00:00 2001
From: Eamon Walsh <ewalsh@tycho.nsa.gov>
Date: Wed, 28 Mar 2007 12:57:11 -0400
Subject: [PATCH] xace: provide creation-time resource hook call in
 CreateWindow().

---
 dix/window.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/dix/window.c b/dix/window.c
index e4f1ae1eb..2e852099a 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -729,6 +729,14 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w,
 
     pWin->borderWidth = bw;
 
+    /*  security creation/labeling check
+     */
+    if (!XaceHook(XACE_RESOURCE_ACCESS, wid, RT_WINDOW, DixCreateAccess, pWin))
+    {
+	xfree(pWin);
+	*error = BadAccess;
+	return NullWindow;
+    }
     /*  can't let untrusted clients have background None windows;
      *  they make it too easy to steal window contents
      */