xace: drop background-none checking hook, add new hook for controlling

access to other clients.

Xext/security.c

@@ -1196,16 +1196,6 @@ SecurityCheckMapAccess(CallbackListPtr *pcbl, pointer unused,
 	rec->status = BadAccess;
 }
 
-static void
-SecurityCheckBackgrndAccess(CallbackListPtr *pcbl, pointer unused,
-			    pointer calldata)
-{
-    XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
-
-    if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
-	rec->status = BadAccess;
-}
-
 static void
 SecurityCheckExtAccess(CallbackListPtr *pcbl, pointer unused,
 		       pointer calldata)
@@ -1848,7 +1838,6 @@ SecurityExtensionInit(INITARGS)
     XaceRC(XACE_PROPERTY_ACCESS, SecurityCheckPropertyAccess, NULL);
     XaceRC(XACE_DRAWABLE_ACCESS, SecurityCheckDrawableAccess, NULL);
     XaceRC(XACE_MAP_ACCESS, SecurityCheckMapAccess, NULL);
-    XaceRC(XACE_BACKGRND_ACCESS, SecurityCheckBackgrndAccess, NULL);
     XaceRC(XACE_EXT_DISPATCH, SecurityCheckExtAccess, NULL);
     XaceRC(XACE_EXT_ACCESS, SecurityCheckExtAccess, NULL);
     XaceRC(XACE_SERVER_ACCESS, SecurityCheckServerAccess, NULL);

Xext/xace.c

@@ -113,8 +113,7 @@ int XaceHook(int hook, ...)
 	    prv = &rec.status;
 	    break;
 	}
-	case XACE_MAP_ACCESS:
-	case XACE_BACKGRND_ACCESS: {
+	case XACE_MAP_ACCESS: {
 	    XaceMapAccessRec rec = {
 		va_arg(ap, ClientPtr),
 		va_arg(ap, WindowPtr),
@@ -124,6 +123,17 @@ int XaceHook(int hook, ...)
 	    prv = &rec.status;
 	    break;
 	}
+	case XACE_CLIENT_ACCESS: {
+	    XaceClientAccessRec rec = {
+		va_arg(ap, ClientPtr),
+		va_arg(ap, ClientPtr),
+		va_arg(ap, Mask),
+		Success /* default allow */
+	    };
+	    calldata = &rec;
+	    prv = &rec.status;
+	    break;
+	}
 	case XACE_EXT_DISPATCH:
 	case XACE_EXT_ACCESS: {
 	    XaceExtAccessRec rec = {

Xext/xace.h

@@ -47,7 +47,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #define XACE_PROPERTY_ACCESS		4
 #define XACE_DRAWABLE_ACCESS		5
 #define XACE_MAP_ACCESS			6
-#define XACE_BACKGRND_ACCESS		7
+#define XACE_CLIENT_ACCESS		7
 #define XACE_EXT_ACCESS			8
 #define XACE_SERVER_ACCESS		9
 #define XACE_SELECTION_ACCESS		10

Xext/xacestr.h

@@ -71,13 +71,20 @@ typedef struct {
 } XaceDrawableAccessRec;
 
 /* XACE_MAP_ACCESS */
-/* XACE_BACKGRND_ACCESS */
 typedef struct {
     ClientPtr client;
     WindowPtr pWin;
     int status;
 } XaceMapAccessRec;
 
+/* XACE_CLIENT_ACCESS */
+typedef struct {
+    ClientPtr client;
+    ClientPtr target;
+    Mask access_mode;
+    int status;
+} XaceClientAccessRec;
+
 /* XACE_EXT_DISPATCH */
 /* XACE_EXT_ACCESS */
 typedef struct {

Xext/xselinux.c

@@ -1156,15 +1156,6 @@ XSELinuxMap(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 	rec->status = BadAccess;
 } /* XSELinuxMap */
 
-static void
-XSELinuxBackgrnd(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
-    XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
-    if (IDPerm(rec->client, rec->pWin->drawable.id,
-               SECCLASS_WINDOW, WINDOW__TRANSPARENT) != Success)
-	rec->status = BadAccess;
-} /* XSELinuxBackgrnd */
-
 static void
 XSELinuxDrawable(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
@@ -1398,7 +1389,6 @@ XSELinuxExtensionInit(INITARGS)
     XaceRegisterCallback(XACE_RESOURCE_ACCESS, XSELinuxResLookup, NULL);
     XaceRegisterCallback(XACE_MAP_ACCESS, XSELinuxMap, NULL);
     XaceRegisterCallback(XACE_SERVER_ACCESS, XSELinuxServer, NULL);
-    XaceRegisterCallback(XACE_BACKGRND_ACCESS, XSELinuxBackgrnd, NULL);
     XaceRegisterCallback(XACE_DRAWABLE_ACCESS, XSELinuxDrawable, NULL);
     XaceRegisterCallback(XACE_PROPERTY_ACCESS, XSELinuxProperty, NULL);
     /* XaceRegisterCallback(XACE_DECLARE_EXT_SECURE, XSELinuxDeclare, NULL);