xace: Remove the audit hooks and tune dispatch

There are no in-tree consumers of the audit hooks, and they are in any
case redundant with the dtrace dispatch hooks. Neither is there any
in-tree user of the core request dispatch hook. The extension hook is
only used for non-default security cases, but in the absence of LTO we
always have to take the function call into XaceHookDispatch to find out
that there's no callback registered.

Cc: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Adam Jackson 2016-04-29 14:22:52 -04:00
parent da9fec4edd
commit 6cb34816af
3 changed files with 14 additions and 34 deletions


@ -33,28 +33,17 @@ _X_EXPORT CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = { 0 };
/* Special-cased hook functions. Called by Xserver. /* Special-cased hook functions. Called by Xserver.
*/ */
#undef XaceHookDispatch
int int
XaceHookDispatch(ClientPtr client, int major) XaceHookDispatch(ClientPtr client, int major)
{ {
/* Call the audit begin callback, there is no return value. */ /* Call the extension dispatch hook */
XaceAuditRec rec = { client, 0 }; ExtensionEntry *ext = GetExtensionEntry(major);
CallCallbacks(&XaceHooks[XACE_AUDIT_BEGIN], &rec); XaceExtAccessRec erec = { client, ext, DixUseAccess, Success };
if (ext)
if (major < 128) { CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &erec);
/* Call the core dispatch hook */ /* On error, pretend extension doesn't exist */
XaceCoreDispatchRec drec = { client, Success /* default allow */ }; return (erec.status == Success) ? Success : BadRequest;
CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &drec);
return drec.status;
}
else {
/* Call the extension dispatch hook */
ExtensionEntry *ext = GetExtensionEntry(major);
XaceExtAccessRec erec = { client, ext, DixUseAccess, Success };
if (ext)
CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &erec);
/* On error, pretend extension doesn't exist */
return (erec.status == Success) ? Success : BadRequest;
}
} }
int int
@ -74,14 +63,6 @@ XaceHookSelectionAccess(ClientPtr client, Selection ** ppSel, Mask access_mode)
return rec.status; return rec.status;
} }
void
XaceHookAuditEnd(ClientPtr ptr, int result)
{
XaceAuditRec rec = { ptr, result };
/* call callbacks, there is no return value. */
CallCallbacks(&XaceHooks[XACE_AUDIT_END], &rec);
}
/* Entry point for hook functions. Called by Xserver. /* Entry point for hook functions. Called by Xserver.
*/ */
int int
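Review bot: The new XaceHookDispatch body no longer distinguishes core from extension opcodes, and its only comment, `/* Call the extension dispatch hook */`, does not say that core requests are now unmediated. The function is still exported, so a caller that bypasses the xace.h macro with a major below EXTENSION_BASE gets Success only if GetExtensionEntry returns NULL for that value, which is not visible in this hunk. I would document that contract above the function, e.g. `/* Only extension requests are mediated; core majors are filtered by the macro in xace.h and must yield a NULL entry here. */`.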


@ -52,9 +52,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#define XACE_SCREENSAVER_ACCESS 12 #define XACE_SCREENSAVER_ACCESS 12
#define XACE_AUTH_AVAIL 13 #define XACE_AUTH_AVAIL 13
#define XACE_KEY_AVAIL 14 #define XACE_KEY_AVAIL 14
#define XACE_AUDIT_BEGIN 15 #define XACE_NUM_HOOKS 15
#define XACE_AUDIT_END 16
#define XACE_NUM_HOOKS 17
extern _X_EXPORT CallbackListPtr XaceHooks[XACE_NUM_HOOKS]; extern _X_EXPORT CallbackListPtr XaceHooks[XACE_NUM_HOOKS];
@ -71,12 +69,16 @@ extern _X_EXPORT int XaceHookIsSet(int hook);
/* Special-cased hook functions /* Special-cased hook functions
*/ */
extern _X_EXPORT int XaceHookDispatch(ClientPtr ptr, int major); extern _X_EXPORT int XaceHookDispatch(ClientPtr ptr, int major);
#define XaceHookDispatch(c, m) \
((XaceHooks[XACE_EXT_DISPATCH] && (m) >= EXTENSION_BASE) ? \
XaceHookDispatch((c), (m)) : \
Success)
extern _X_EXPORT int XaceHookPropertyAccess(ClientPtr ptr, WindowPtr pWin, extern _X_EXPORT int XaceHookPropertyAccess(ClientPtr ptr, WindowPtr pWin,
PropertyPtr *ppProp, PropertyPtr *ppProp,
Mask access_mode); Mask access_mode);
extern _X_EXPORT int XaceHookSelectionAccess(ClientPtr ptr, Selection ** ppSel, extern _X_EXPORT int XaceHookSelectionAccess(ClientPtr ptr, Selection ** ppSel,
Mask access_mode); Mask access_mode);
extern _X_EXPORT void XaceHookAuditEnd(ClientPtr ptr, int result);
/* Register a callback for a given hook. /* Register a callback for a given hook.
*/ */
@ -116,7 +118,6 @@ extern _X_EXPORT void XaceCensorImage(ClientPtr client,
#define XaceHookDispatch(args...) Success #define XaceHookDispatch(args...) Success
#define XaceHookPropertyAccess(args...) Success #define XaceHookPropertyAccess(args...) Success
#define XaceHookSelectionAccess(args...) Success #define XaceHookSelectionAccess(args...) Success
#define XaceHookAuditEnd(args...) { ; }
#define XaceCensorImage(args...) { ; } #define XaceCensorImage(args...) { ; }
#else #else
#define XaceHook(...) Success #define XaceHook(...) Success
@ -124,7 +125,6 @@ extern _X_EXPORT void XaceCensorImage(ClientPtr client,
#define XaceHookDispatch(...) Success #define XaceHookDispatch(...) Success
#define XaceHookPropertyAccess(...) Success #define XaceHookPropertyAccess(...) Success
#define XaceHookSelectionAccess(...) Success #define XaceHookSelectionAccess(...) Success
#define XaceHookAuditEnd(...) { ; }
#define XaceCensorImage(...) { ; } #define XaceCensorImage(...) { ; }
#endif #endif
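Review bot: The `XaceHookDispatch(c, m)` macro returns Success for every core request without consulting any hook, yet XACE_CORE_DISPATCH appears to remain defined (it is not touched in the visible hunks), so a security module that registers a callback on it would be accepted and then never called. For an access-control framework that is a silent fail-open; either drop the constant so such modules fail to build, or state it next to the macro: `/* Core requests are never passed to XACE; XACE_CORE_DISPATCH callbacks are not invoked. */`. XACE_NUM_HOOKS also shrinks from 17 to 15 on an exported array, so out-of-tree modules built against the old header that still use hook numbers 15 or 16 depend on the registration path bounds-checking the index, which is not shown here. The macro also evaluates `m` twice, which is harmless for the Dispatch call site but worth a `static inline` wrapper if other callers appear.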


@ -426,7 +426,6 @@ Dispatch(void)
if (result == Success) if (result == Success)
result = result =
(*client->requestVector[client->majorOp]) (client); (*client->requestVector[client->majorOp]) (client);
XaceHookAuditEnd(client, result);
} }
if (!SmartScheduleSignalEnable) if (!SmartScheduleSignalEnable)
SmartScheduleTime = GetTimeInMillis(); SmartScheduleTime = GetTimeInMillis();